MailScanner fail to detect any attachment on RHEL6.3
Ling Shi
ling at unimelb.edu.au
Mon Feb 11 22:40:14 GMT 2013
Thanks Martin!
Selinux doesn't matter. It was "permissive" and then "disabled", which
made no difference.
But "-U" worked. Thank you.
-----------------------------------
Feb 12 09:21:22 selene MailScanner[2854]: New Batch: Scanning 1
messages, 478011 bytes
Feb 12 09:21:22 selene MailScanner[2854]: Filename Checks: Blocked
Filename Detected (A4A95200159.A23FF test.exe)
Feb 12 09:21:22 selene MailScanner[2854]: Other Checks: Found 1 problems
:
Feb 12 09:21:30 selene MailScanner[2850]: New Batch: Scanning 1
messages, 147076 bytes
Feb 12 09:21:30 selene MailScanner[2850]: Filename Checks: Windows/DOS
Executable (2B2A820015C.AAA62 eFax_message.exe)
Feb 12 09:21:30 selene MailScanner[2850]: Filetype Checks: No
executables (2B2A820015C.AAA62 eFax_message.exe)
Feb 12 09:21:30 selene MailScanner[2850]: Other Checks: Found 2 problems
-----------------------------------
Now the next question (sorry my perl knowledge), MailScanner runs as
user "postfix", so the only problem is that when MailScanner uses setuid
programs. What setuid programs MailScanner uses? Does "-U" cause other
problem, like security issue?
-----------------------------------
-U allows Perl to do unsafe operations. Currently the only "unsafe"
operations are attempting to unlink directories while running as
superuser, and running setuid programs with fatal taint checks
turned into warnings. Note that the -w switch (or the $^W
variable) must be used along with this option to actually generate
the taint-check warnings.
-----------------------------------
On 12/02/2013 2:58 AM, Martin Hepworth wrote:
> coule of things..
>
> is Selinux off
> Have you put the -U flag at the the top of the mailscanner script?
>
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 10 February 2013 23:55, Ling Shi <ling at unimelb.edu.au
> <mailto:ling at unimelb.edu.au>> wrote:
>
> Hi,
>
> I recently moved our mail server (RHEL4.9/Postfix 2.2.10/MailScanner
> 4.74.16) to a new machine (RHEL6.3/Postfix 2.6.6/MailScanner 4.84.5).
> After that, MailScanner fails to detect any attachment, ie no
> Filename/Filetype check at all.
>
> By closely looking at /var/spool/MailScanner/incoming/<pid>, I found
> there're only <message-id>, <message-id>.header files, but empty
> <message-id> subdirectory, which means MIME::Parser doesn't work.
>
> `MailScanner -v` output:
>
> -----------------------------
> # MailScanner -v
> Running on
> Linux selene.ms.unimelb.edu.au <http://selene.ms.unimelb.edu.au>
> 2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan
> 13 09:21:40 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
> This is Red Hat Enterprise Linux Server release 6.3 (Santiago)
> This is Perl version 5.010001 (5.10.1)
>
> This is MailScanner version 4.84.5
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> :
> 3.08 MIME::Base64
> 5.504 MIME::Decoder
> 5.504 MIME::Decoder::UU
> 5.504 MIME::Head
> 5.504 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.504 MIME::Tools
> :
> -----------------------------
>
> I've tried to feed Postfix queue file (take from
> /var/spool/postfix/hold) to MailScanner on the old RHEL4 server, which
> generates correct <message-id>/<attachment-file>. So Postfix isn't the
> problem.
>
> I also tried feed the queue file to
>
> -----------------------------
> #! /usr/bin/perl
> use MIME::Parser;
> my $parser = new MIME::Parser;
> $parser->parse(\*STDIN)};
> -----------------------------
>
> but that didn't work, sure my perl knowledge is very basic.
>
> Could someone please help write me a perl script, which is similar to
> sub Explode {} in MailScanner::Message? The script takes Postfix queue
> file as import, the output will be like those in
> /var/spool/MailScanner/incoming/<pid>, ie
>
> <message-id>/<attachment> (if any)
> <message-id>
> <message-id>.header
>
> I'll use this script on both RHEL4 and RHEL6, hoping generate different
> result, so I can ask Redhat support team whether RHEL6's perl is at
> fault.
>
> Thank you.
>
> --
> Regards,
> Ling Shi
> (UnixSysad, MS, UniMelb)
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
--
Regards,
Ling Shi
(UnixSysad, MS, UniMelb)
More information about the MailScanner
mailing list